diff options
Diffstat (limited to '')
-rw-r--r-- | external/unbound/winrc/unbound-control-setup.cmd | 328 |
1 files changed, 164 insertions, 164 deletions
diff --git a/external/unbound/winrc/unbound-control-setup.cmd b/external/unbound/winrc/unbound-control-setup.cmd index 13617927a..ddf4a06e0 100644 --- a/external/unbound/winrc/unbound-control-setup.cmd +++ b/external/unbound/winrc/unbound-control-setup.cmd @@ -1,164 +1,164 @@ -@Echo off -rem -rem unbound-control-setup.cmd - set up SSL certificates for unbound-control -rem -rem Copyright (c) 2008, NLnet Labs. All rights reserved. -rem Modified for Windows by Y.Voinov (c) 2014 -rem -rem This software is open source. -rem -rem Redistribution and use in source and binary forms, with or without -rem modification, are permitted provided that the following conditions -rem are met: -rem -rem Redistributions of source code must retain the above copyright notice, -rem this list of conditions and the following disclaimer. -rem -rem Redistributions in binary form must reproduce the above copyright notice, -rem this list of conditions and the following disclaimer in the documentation -rem and/or other materials provided with the distribution. -rem -rem Neither the name of the NLNET LABS nor the names of its contributors may -rem be used to endorse or promote products derived from this software without -rem specific prior written permission. -rem -rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -rem settings: - -rem directory for files -set prefix="C:\Program Files (x86)" -set DESTDIR=%prefix%\Unbound - -rem issuer and subject name for certificates -set SERVERNAME=unbound -set CLIENTNAME=unbound-control - -rem validity period for certificates -set DAYS=7200 - -rem size of keys in bits -set BITS=1536 - -rem hash algorithm -set HASH=sha256 - -rem base name for unbound server keys -set SVR_BASE=unbound_server - -rem base name for unbound-control keys -set CTL_BASE=unbound_control - -rem end of options - -rem Check OpenSSL installed -for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a -if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1 -echo SSL found: %SSL_PROGRAM% - -set arg=%1 -if /I "%arg%" == "-h" goto help -if /I "%arg%"=="-d" set DESTDIR=%2 - -rem go!: -echo setup in directory %DESTDIR% -cd %$DESTDIR% - -rem create certificate keys; do not recreate if they already exist. -if exist $SVR_BASE.key ( -echo %SVR_BASE%.key exists -goto next -) -echo generating %SVR_BASE%.key -"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1 - -:next -if exist %CTL_BASE%.key ( -echo %CTL_BASE%.key exists -goto next2 -) -echo generating %CTL_BASE%.key -"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1 - -:next2 -rem create self-signed cert for server -if exist request.cfg (del /F /Q /S request.cfg) -echo [req]>>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%SERVERNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %SVR_BASE%.pem (self signed certificate) -"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1 -rem create trusted usage pem -"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem - -rem create client request and sign it -if exist request.cfg (del /F /Q /S request.cfg) -echo [req]>>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%CLIENTNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %CTL_BASE%.pem (signed client certificate) -"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem - -if not exist %CTL_BASE%.pem ( -echo could not create %CTL_BASE%.pem -exit 1 -) -rem create trusted usage pem -rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem - -rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem -rem echo "create %CTL_BASE%_browser.pfx (web client certificate)" -rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:" -rem echo "preferences - advanced - encryption - view certificates - your certs" -rem echo "empty password is used, simply click OK on the password dialog box." -rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1 - -rem remove crap -del /F /Q /S request.cfg -del /F /Q /S %CTL_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.srl - -echo Setup success. Certificates created. Enable in unbound.conf file to use - -exit 0 - -:help -echo unbound-control-setup.cmd - setup SSL keys for unbound-control -echo -d dir use directory to store keys and certificates. -echo default: %DESTDIR% -echo please run this command using the same user id that the -echo unbound daemon uses, it needs read privileges. -exit 1 +@Echo off
+rem
+rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
+rem
+rem Copyright (c) 2008, NLnet Labs. All rights reserved.
+rem Modified for Windows by Y.Voinov (c) 2014
+rem
+rem This software is open source.
+rem
+rem Redistribution and use in source and binary forms, with or without
+rem modification, are permitted provided that the following conditions
+rem are met:
+rem
+rem Redistributions of source code must retain the above copyright notice,
+rem this list of conditions and the following disclaimer.
+rem
+rem Redistributions in binary form must reproduce the above copyright notice,
+rem this list of conditions and the following disclaimer in the documentation
+rem and/or other materials provided with the distribution.
+rem
+rem Neither the name of the NLNET LABS nor the names of its contributors may
+rem be used to endorse or promote products derived from this software without
+rem specific prior written permission.
+rem
+rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+rem settings:
+
+rem directory for files
+set prefix="C:\Program Files (x86)"
+set DESTDIR=%prefix%\Unbound
+
+rem issuer and subject name for certificates
+set SERVERNAME=unbound
+set CLIENTNAME=unbound-control
+
+rem validity period for certificates
+set DAYS=7200
+
+rem size of keys in bits
+set BITS=1536
+
+rem hash algorithm
+set HASH=sha256
+
+rem base name for unbound server keys
+set SVR_BASE=unbound_server
+
+rem base name for unbound-control keys
+set CTL_BASE=unbound_control
+
+rem end of options
+
+rem Check OpenSSL installed
+for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
+if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
+echo SSL found: %SSL_PROGRAM%
+
+set arg=%1
+if /I "%arg%" == "-h" goto help
+if /I "%arg%"=="-d" set DESTDIR=%2
+
+rem go!:
+echo setup in directory %DESTDIR%
+cd %DESTDIR%
+
+rem create certificate keys; do not recreate if they already exist.
+if exist %SVR_BASE%.key (
+echo %SVR_BASE%.key exists
+goto next
+)
+echo generating %SVR_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next
+if exist %CTL_BASE%.key (
+echo %CTL_BASE%.key exists
+goto next2
+)
+echo generating %CTL_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next2
+rem create self-signed cert for server
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%SERVERNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %SVR_BASE%.pem (self signed certificate)
+"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+rem create trusted usage pem
+"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+
+rem create client request and sign it
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%CLIENTNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %CTL_BASE%.pem (signed client certificate)
+"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+
+if not exist %CTL_BASE%.pem (
+echo could not create %CTL_BASE%.pem
+exit 1
+)
+rem create trusted usage pem
+rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+
+rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
+rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
+rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
+rem echo "preferences - advanced - encryption - view certificates - your certs"
+rem echo "empty password is used, simply click OK on the password dialog box."
+rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+
+rem remove crap
+del /F /Q /S request.cfg
+del /F /Q /S %CTL_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.srl
+
+echo Setup success. Certificates created. Enable in unbound.conf file to use
+
+exit 0
+
+:help
+echo unbound-control-setup.cmd - setup SSL keys for unbound-control
+echo -d dir use directory to store keys and certificates.
+echo default: %DESTDIR%
+echo please run this command using the same user id that the
+echo unbound daemon uses, it needs read privileges.
+exit 1
|